Privacy Policy

Introduction

In the ordinary course of our business, Nauticalia collects, stores, processes, and shares different types of information, including some personally-identifiable data. Generally, this is to enable us to process and fulfill orders, market and sell our products, protect ourselves and our customers from fraud, and deliver a high standard of customer service.

The purpose of this document is to explain how we handle personally-identifiable data in a way that is transparent, secure, and complies with current regulations. It also explains your rights in asking us to give you access to data, deleting data, and giving us permission for using it for certain activities.

Because our commercial activities are varied, and the way we handle specific data for each of these activities varies slightly, we have detailed policy additions specific to these interest groups below. It may be that, in the course of your dealing with Nauticalia, your data may fall into more than one category. For example, if you go into one of our shops and they agree to post goods to you, then the Retail Offline Sales and Direct Retail Sales sections will be relevant. In the case of an employee who also purchases a product in-store, the Employees and Retail Offline Sales sections will apply.

It is likely that we will make changes to this Policy from time to time. If we change our Privacy Policy we will post the changes on this page. 

About Nauticalia

Nauticalia is part of the Lynn Lewis Ltd group of companies. This policy applies to all companies in the group – where you see ‘Nauticalia’, ‘we’, or ‘us’ within this policy, it will also apply to Lynn Lewis Ltd, and The Ferry Point Ltd. 
You can write to us at: The Data Protection Officer, Nauticalia Ltd, Ferry Lane, Shepperton, Middlesex, TW17 9LQ, UK. 
You can call us on +44 (0)1932 244396.
You can e-mail: [email protected]
You can visit: www.nauticalia.com

Your Rights

All personal information collected, stored, processed, and shared by Nauticalia is treated in accordance with relevant legislation including the General Data Protection Regulations. 

Under these regulations, you have the right to request:
access to the personal data we hold about you.
the correction of your personal data when incorrect, out of date or incomplete
deletion or anonymisation of certain pieces of information – this is also known as your ‘right to be forgotten’. However, this may mean that you lose access to information such as contracts and transactions, and communication preferences that you later wish to rely on.
that we stop any consent-based processing of your personal data after you withdraw that consent.
that we stop using your personal data for direct marketing (either through specific channels, or all channels).
You may do so by contacting our Data Protection Officer at the address above, and making a ‘subject access request’. A small fee may be payable. If we choose not to action your request we will explain to you the reasons for our refusal.

Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

The Legal Bases We Use

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

Contractual obligations
We will need to collect, store, process, and share some personal data in order to fulfil our contractual obligations with you. For example, if you order a product for home delivery, we will record details of the transaction and pass the delivery details on to our courier company who will act on our behalf as a data processor according to their privacy policy. We will also keep records of the transaction to enable us to fulfil after-sales service, warranty, and product safety recall obligations.

Legitimate interest
In certain situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business, and which does not materially impact your rights, freedom or interests. For example, we may use your purchase history to send you or make available personalised offers. 
We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand, or develop new products/services. We will also use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you.

Consent
We can collect, store, process, and share your data with your consent. This is likely to be used in relation to how you prefer to receive marketing information from us. We will explain to you that we will use this information for sending you product information by post or electronically, and that you can opt in or out at any point in the future, and we will record your permission for us to do so. We may employ a third party to help us in these activities who will act on our behalf as a data processor according to their privacy policy.
We may also ask if you would like us to share these details with other organisations whose products may interest you so that they can contact you about their products. You will be able to opt in or out of this at any time. 

Finally, if the law requires us to, we may need to collect, store, process, and share your data. For example, for the purposes of crime prevention and public safety.

Non-personal Information (online browsing)

Applies to visitors to all our websites:
www.nauticalia.com, www.nauticalia-trade-sales.com, www.directorchairs.co.uk, www.sailingcalendars.co.uk, www.nauticalia-marine-services.co.uk

Browsing Information
Anonymised and aggregated information such as IP address (the location of the computer on the internet), pages accessed, traffic sources, and files downloaded helps us to determine how many individuals use our sites, how many people visit on a regular basis, which pages are most popular and which pages are least popular. This information doesn't tell us anything about who you are, where you live, or what other websites you visit - it simply allows us to monitor and improve our service.

This information is collected for us by Google, Facebook, our website service providers (currently Antropy and Paraspar) and e-mail marketing service providers (currently Mailchimp, Dotmailer, and Bronto) in real-time whilst you are using our online services. They act on our behalf as data processors to store, process, and destroy information according to their privacy policies, and they may store the information on computers located outside the UK.

At the same time, some other elements of your online activity will be recorded in a way that is not anonymous – such as whether you received or opened an e-mail, and when you last visited a website. This is detailed in the relevant sections below.

Use of cookies
Cookies are very small text files (usually consisting of just a few letters and numbers) that website servers place on your computer to enable them to recognise you and remember details of your visit. For example, when you add something to your shopping basket, the cookie placed on your computer enables us to remember its contents as you browse the site. They can also help us enhance your visit by pre-filling some forms for you or tailoring the content that you see.

Cookies help us gather information (on an aggregated anonymous basis) about how our sites are used. This data shows us how many visitors we have, which pages are the most popular, which products people search for etc. We use it to help improve our site’s usability.

Finally, we may also use cookies to help us tailor any product advertising we place elsewhere on the internet to your particular interests, based on your browsing history.

Most web browsers automatically accept cookies but, if you prefer, you can change your browser settings to prevent that. Please read the information that came with your browser software to see how you can set up your browser to notify you when you receive a cookie, you can then decide whether or not to accept it. However, as with most online shopping sites, having your cookies enabled is essential for shopping online at Nauticalia. Generally, cookies expire after a certain time, but you may choose to clear yours after each visit via your browser settings.

Cookies do not enable us to view or store any personal information, or details of other sites you may visit. If you choose to browse any website owned by Nauticalia with your browser set to accept cookies, you consent to their use as detailed above.

Please call us on +44 (0)1932 235550 if you would like any further information about how we use cookies. 

Links
Please note that we are not responsible for the content of third party websites that you may visit via links on our website, which may change or be removed at any time. You should always check the privacy policy of each website that you visit.

Retail Offline Sales

Applies to customers of and visitors to any of our shops, events and exhibitions, or concessions.

Standard Transactions
The majority of our in-store transactions are anonymous – we do not require any personal information in order to process transactions, and we do not see or store payment card details as they are handled by our bank’s terminals. However, we may ask you for contact details for future marketing purposes – name, address, e-mail address etc. We will explain to you that we will use this information for sending you product information by post or electronically, and that you can opt-out at any time, and we will record your permission for us to do so. We may also ask if you would like us to share these details with other organisations whose products may interest you. This information will be used and stored according to the Direct Retail Sales section of this policy.

Special Order Transactions
If you request a product that is not in stock or would like us to send your purchase to a particular delivery address, we will require some personal information in order to fulfil the transaction – name, address, telephone number, and e-mail address. This may initially be hand-written in-store, but will be sent by e-mail, stored and processed at our head office, along with details of the product purchased according to the Direct Retail Sales section of this policy.

We may also ask you if you would like us to use these contact details for future marketing purposes – name, address, e-mail address etc. We will explain to you that we will use this information for sending you product information by post or electronically, and that you can opt-out at any time, and we will record your permission for us to do so. We will also ask if you would like us to share these details with other organisations whose products may interest you. This information will then be used and stored according to the Direct Retail Sales section of this policy.

In-store paperwork containing personal information will be shredded in-store once the transaction has been completed.

CCTV
All our shops are equipped with CCTV to record images and video in-store for the purposes of crime prevention, employee and public safety, shop management and maintenance, and internal disciplinary proceedings. Notices in shop windows convey this information to visitors that may not have read this policy before arrival.
Data is stored on-site for 30 days, after which time the system overwrites old recordings with new ones. In the ordinary course of our business, these recordings are not shared. However, in the event of an incident, we would share our CCTV recordings with the relevant authorities:
Police
Fire Service
Local authorities/councils
Landlords, their agents, and security staff
Health & Safety executive
Insurers
Upon request or where required to do so by law. Data may also be shared in accordance with court procedure during any legal disputes between the Company and data subject(s). All data sharing takes place via registered mail, password-protected documents or SFTP transfer.

Employees

Applies to anyone working for Nauticalia as a direct employee, and people applying to work at Nauticalia. Does not apply to agency staff and contractors (who will be treated according to the Suppliers section of this policy).

Nauticalia collects, stores, processes, and shares personal information about employees for general administration, insurance, and payroll purposes, tax and national insurance processing, disciplinary and health & safety recording, and to ensure compliance with relevant employment legislation.

This information includes 
Name, Address, e-mail, car registration, etc
Bank account details
Salary/Payroll history
Accident/Sickness History
Holidays
Driving licence details
Disciplinary process records
Tax/National Insurance details
Clocking in/out, attendance
CCTV (See CCTV)
Employment contracts
Copy passports (or rights/permits to work)
Emergency contact details (third party e-mail, phone, mobile)
Pension account details
Third party employment reference contact details

This data is collected directly from each employee either electronically or via paperwork (which is sent by post or internal mail in the case of employees not based at head office). It is stored and processed at head office. Paper documents are filed securely at our head office and can be accessed by company Directors, the Financial Controller, and Commercial Manager. Documents whose contents have been digitised are securely shredded on site. Information held on computer is password protected and further secured by Firewall protection and, again, can be accessed by company Directors, the Financial Controller, and Commercial Manager.

We share this information with third parties who act on our behalf as data processors to store, process, and destroy information according to their privacy policies:
our accountants, for the purposes of payroll, tax, and National Insurance processing 
our employment pension provider for the purpose of maintaining employees’ pension contributions and accounts
HMRC (in the case of tax and National Insurance affairs)
government authorities such as police and immigration officials
DVLA
health & safety executive
insurers 
upon request or where required to do so by law. Data may also be shared in accordance with court procedures during any legal disputes between the Company and employees. All data sharing takes place via registered mail, password-protected documents or SFTP transfer.

Data will be stored for six years plus the current financial year, after which time everything except name, start/end dates, final salary, disciplinary, and accident/sickness records will be securely destroyed. The remainder will be kept indefinitely as we might reasonably expect claims/enquiries relating to historic employment to occur at any time in the future.

Upon commencement of employment, or whenever there is a material change to this policy, the attention of employees will be drawn to this document – both as a data subject and in reference to their data management obligations. As the collection, storage, and sharing of data is required by law and/or essential to our legitimate interest in maintaining a normal working relationship with our employees and fulfilling our contractual obligations, we will not require further consent from each employee.

Wholesale Customers

Applies to anyone buying Nauticalia products or services in a commercial (business to business) capacity, directly from our head office rather than our shops. Also refer to Non-personal Information section regarding online browsing data.

We collect data, which may include some personally identifiable data, to enable us to maintain a normal transactional relationship with our business-to-business customers. This includes, Company name and address, Directors’ names and addresses, e-mail addresses and telephone numbers, as well as transaction history and credit reference information. This may include details of third parties that you share with us in accordance with your privacy policy, in which case we will act as data processors for you.

You may also wish us to despatch items directly to your customers. During the course of these transactions you will supply us name and address data in accordance with your privacy policy. We will use this to fulfil the order, which includes passing it on to our chosen delivery company. We will not use the information for anything else, but will store it as one of your alternative delivery addresses in your account.

Data is collected during conversations with our staff and sales agents, including at trade shows and events, on documents you submit by mail, fax, and e-mail, orders you place, and your activities on our websites.

Data will be stored electronically on our core business system (KSE), which is password protected and further secured by Firewall protection and is accessible in Excel format by Nauticalia head office staff. Hard copies of documents such as contracts, invoices, and correspondence are filed at Nauticalia head office and accessible by all head office staff.

We also collect and store data for transaction and marketing purposes on our websites and e-mail marketing platforms. This includes some transactional and browsing behaviour in addition to the Non-personal Information above – such as whether you received or opened an e-mail message, and when you last visited our website. These third-party operated platforms act on our behalf as data processors to store, process, and destroy information according to their privacy policies. Some of this information may be stored on computers outside the UK.

Data transfers between our websites, and e-mail marketing platforms, and our head office take place securely via SFTP transfers.

In the ordinary course of our business we would not expect to share this information with anyone outside of Nauticalia. However, the following exclusions apply:
We will pass mailing data to a courier company who act on our behalf as data processors according to their privacy policies. 
If requested for a trading/credit reference from a third party.
If requested to do so by authorities such as police, HMRC, health & safety executive in the course of an investigation.
Subject to court procedure during the course of any legal dispute.
Any electronic sharing would take place securely by password-protected documents, or SFTP transfers.

We believe that the data we collect, process, and store is held and used in the legitimate interest of our business. Within our trading relationship, we will communicate with you by post and electronic means about products we have for sale, including for marketing purposes. This will be explained to new customers upon entering a prospective trading relationship, and periodically to existing customers, and we will tailor this activity according to your preferences.

We may also conduct analysis on all or part of our database to help us better understand our customers’ demographics, preferences, and locations, which may help us attempt to reach new customers/markets. We may employ a third-party organisation to help us with this who act on our behalf as data processors to store, process, and destroy information according to their privacy policies. They will not be given the authority to use this data for any reason other than the particular task they perform for us, and will be required to delete this data when the task has been completed.

Transaction data will be stored for six years plus the current financial year. After that time, it will either be deleted or securely shredded, or anonymised (records we wish to keep for longer, such as the quantity of items sold will have all personally identifiable data overwritten with ‘XXXX’). In the case of prospects – data we have recorded from potential customers, who do not go on to have a transactional relationship – records will be permanently deleted four years after the last communication.

Direct Retail Sales

Applies to customers purchasing goods for their own use with delivery direct via our website(s) or e-mail, call centre, fax, or by post. Also refer to Non-personal Information section regarding online browsing data.

Data is collected during conversations with our staff and sales agents (including trusted third-party call centres who act on our behalf as data processors according to their privacy policies), on documents you submit by mail, fax, and e-mail, orders you place, and your activities on our websites.

Data will be stored electronically on our core business system (KSE), which is password protected and further secured by Firewall protection and is accessible by Nauticalia head office staff. Hard copies of documents such as contracts, invoices, and correspondence are filed at Nauticalia head office and accessible by all head office staff.

We also collect and store data for transaction and marketing purposes on our websites and e-mail marketing platforms. This includes some transactional and browsing behaviour in addition to the Non-personal Information above – such as whether you received or opened an e-mail message, and when you last visited our website. These third-party operated platforms act on our behalf as data processors to store, process, and destroy information according to their privacy policies. Data transfers between our websites, and e-mail marketing platforms, and our head office take place securely via SFTP transfers, and information may be stored on computers outside the UK. Access to website and e-mail marketing data takes place on databases which have access limited by IP address to our head office staff.

Transaction data will be stored for six years plus the current financial year. After that time, it will either be deleted or securely shredded, or anonymised (records we wish to keep for longer, such as the quantity of items sold will have all personally identifiable data overwritten with ‘XXXX’). Personal contact data (names, address, e-mail address) will be kept for a period of six years plus the current financial year after the last contact we have from you.

Whilst we collect, store, process, and use this data in our legitimate interest, we are required to seek your express permission to use it for the following reasons. You are free to withdraw this permission at any time by contacting us, or updating your preferences online:
Sending you marketing information electronically. Note: we may send you transactional, customer service, legal, and product safety messages even if you do not give consent to marketing communications.
Sharing your name and postal address data with third-party organisations for sales/marketing purposes. 
We generally ask you for these consents when you make a purchase, sign up for e-mail newsletters, have a conversation with our shop staff, or request a catalogue. Remember, you are free to change your preferences at any time and we will inform you about how to do this each time we communicate with you or you transact with us.

We may send you information about our products and special offers by post in our legitimate interest, but we will of course respect your preferences if you tell us that you would rather not receive these. 

Sharing your data
In addition to the above, we may share (without obtaining additional explicit consent) information with third parties in the ordinary course of our business. 
We will pass mailing data to a courier company in accordance with relevant legislation and their privacy policy.
If requested to do so by authorities such as police, HMRC, health & safety executive in the course of an investigation
Subject to court procedure during the course of any legal dispute.
Any electronic sharing would take place securely by password-protected documents or SFTP transfers.

We may also conduct analysis on all or part of our database to help us better understand our customers’ demographics, preferences, and locations, which may help us attempt to reach new customers/markets. We may employ a third-party organisation to help us with this. They will not be given the authority to use this data for any reason other than the particular task they perform for us and will be stored, processed, and destroyed according to their privacy policies.

Suppliers

Applies to suppliers of goods and services to Nauticalia. Suppliers that also buy from Nauticalia in the course of their business should also refer to the Wholesale Customers section.

We collect data, which may include some personally identifiable data, to enable us to maintain a normal transactional relationship with suppliers of goods and services. This includes, Company name and address, Directors’ names and addresses, e-mail addresses and telephone numbers, as well as transaction history information.

Data will be stored electronically on our core business system (KSE), which is password protected and further secured by Firewall protection and accessible in Excel format by Nauticalia head office staff. Hard copies of documents such as contracts, invoices, and purchase orders are filed at Nauticalia head office and accessible by all head office staff.

In the ordinary course of our business we would not expect to share this information with anyone outside of Nauticalia. However, the following exclusions apply:
If we have to send items to the supplier, we will pass mailing data to a courier company in accordance with relevant legislation and their privacy policy.
If requested for a trading/credit reference from a reputable third party.
If requested to do so by authorities such as police, HMRC, health & safety executive in the course of an investigation.
Subject to court procedure during the course of any legal dispute.
Any electronic sharing would take place securely by password-protected documents or SFTP transfers.

We believe that the above is in the legitimate interest of maintaining our business and, as such, does not require any additional consent on the part of the data subject. However, we will bring our privacy policy to the attention of new suppliers, and to existing suppliers in the event of material changes to this policy. 

As we might reasonably expect issues around product safety recalls and legal and technical enquiries (the resolution of which would involve contact with the supplier and access to contracts and transaction history) to potentially occur at any point, we will store this data indefinitely.

Commercial

Applies to tenants renting office, boatyard, or mooring space.

We collect data, which may include some personally identifiable data, to enable us to maintain a normal transactional relationship with our commercial contacts. This includes, Company name and address, Directors’ names and addresses, e-mail addresses and telephone numbers, as well as transaction history and credit reference information. This may include details of third parties that you share with us in accordance with your privacy policy.

Data is collected during conversations with our staff and sales agents, including at trade shows and events, on documents you submit by mail, fax, and e-mail, orders you place, and your activities on our websites.

Data will be stored electronically on our core business system (KSE), which is password protected and further secured by Firewall protection and is accessible in Excel format by Nauticalia head office staff. Hard copies of documents such as contracts, invoices, and correspondence are filed at Nauticalia head office and accessible by all head office staff.

We also collect and store data for transaction and marketing purposes on our websites and e-mail marketing platforms. This includes some transactional and browsing behaviour in addition to the Non-personal Information above – such as whether you received or opened an e-mail message, and when you last visited our website. These third-party operated platforms act on our behalf as data processors to store, process, and destroy information according to their privacy policies.

Data transfers between our websites, and e-mail marketing platforms, and our head office take place securely by SFTP transfer.

In the ordinary course of our business we would not expect to share this information with anyone outside of Nauticalia. However, the following exclusions apply:
If we have to send items to you by post, we will pass mailing data to a courier company in accordance with relevant legislation and their privacy policy.
If requested for a trading/credit reference from a third party.
If requested to do so by authorities such as police, HMRC, health & safety executive in the course of an investigation
Subject to court procedure during the course of any legal dispute.
Any electronic sharing would take place securely by password-protected documents or SFTP transfers.

We believe that the data we collect, process, and store is held and used in the legitimate interest of our business. Within our trading relationship, we will communicate with you by post and electronic means about products we have for sale, including for marketing purposes. This will be explained to new customers upon entering a prospective trading relationship, and periodically to existing customers, and we will tailor this activity according to your preferences

We may also conduct analysis on all or part of our database to help us better understand our customers’ demographics, preferences, and locations, which may help us attempt to reach new customers/markets. We may employ a third-party organisation to help us with this. They will not be given the authority to use this data for any reason other than the particular task they perform for us and will be stored, processed, and destroyed according to their privacy policies.

Data will be stored for six years plus the current financial year. After that time, it will either be deleted or securely shredded, or anonymised (records we wish to keep for longer, such as the quantity of items sold will have all personally identifiable data overwritten with ‘XXXX’). In the case of prospects – data we have recorded from potential customers, who do not go on to have a transactional relationship – records will be permanently deleted four years after the last communication.

Events and Miscellaneous 

If you attend an event organised or sponsored by Nauticalia, we may ask you for personal information to enable us to contact you about the event arrangements. This information will be deemed as ‘transactional’ – i.e. it is necessary for the purpose that you have asked us to perform and we will not require any further consent to communicate with you about the event.

We may also ask you if you would like us to use these contact details for future marketing purposes – name, address, e-mail address etc. We will explain to you that we will use this information for sending you product information by post or electronically, and that you can opt-out at any time, and we will record your permission for us to do so. We will also ask if you would like us to share these details with other organisations whose products may interest you. This information will then be used and stored according to the Direct Retail Sales section of this policy.

Paperwork containing personal information will be shredded once the transaction has been completed.

We may also conduct analysis on all or part of our database to help us better understand our customers’ demographics, preferences, and locations.

New Catalogue Out Now

Choose from 2,500 products, including 300 new lines
Request or download your copy here...>>